# Shared Flashcard Set

## Details

2B - SES 622 - Module 2 - Systemic Security Requirements
N/A
36
Engineering
04/30/2012

Term
 Physical Security encompasses what three main things?
Definition
 1. Environmental tolerances2. Covers damage and loss due to sabotage or theft.3. Includes threats to personnel, including coercion of trusted insiders.
Term
 What does EASI stand for?
Definition
Term
 What is EASI?
Definition
 It is a is a dynamic, analytic method widely used by security professionals to evaluate a physical protection security system (ppss).
Term
 What is the Critical Detection Point (CDP)?
Definition
 Any position on a facility where if an adversary is detected, there is enough time remaining for the response force to interrupt the adversary.
Term
Definition
 A method that analyzes many attack paths in order to indentify the path of greatest system vulnerability.
Term
 What is a connectivity diagram?
Definition
 A node/link based diagram where nodes represent physical or logical locations with the system and links measure connectivity between the locations such as travel time or cost to travel between nodes. Used to identify shortest paths through the system.
Term
 How is a simple incident matrix created? (2 steps)
Definition
 1. One row for each node and one column for each arc.2. For each arc (i, j), put +1 in row i and -1 in row j.
Term
 What are the two main types of connectivity diagrams?
Definition
Term
 Compare Task-based and Location-based Connectivity diagrams
Definition
 1. Task-based are usually based on more information and so are better for travel time and detection probability analysis.2. Location-based are generally based on less information and so should be more conservative.
Term
 What are the four characterisitc factors of Multiple Adversary Team analysis?
Definition
 1. The helper team detection factor (HTDF)2. The helper team time factor (HTTF)3. The simultaneous primary team detection factor (STDF)4. The Simultaneous primary team time factor (STTF)These four factors help to describe the influence multiple adversary teams have on one another and they must be specified at the outset of the problem.
Term
 What is a physical security survey? (two main parts)
Definition
 A technique to recognize and appraise two types of risk to target:• Possible maximum loss• Probable maximum lossOften used on a scenario basis in combination with threat analysis.
Term
 What is a "message"?
Definition
 Information materialized.
Term
 What is information? (three parts)
Definition
 1. Carries new knowledge.2. Conveyed by some carier: Letters, digits, symbols.3. Is meaningful/interpretable to the recipient.
Term
 What are four main questions that Information Theory is concerned with?
Definition
 1. How to quantify the amount of information?2. How much memory is needed to store information?3. How can we protect the information?4. What to do if information is corrupted by noise?
Term
 What is the information content of a message according to Claude Elwood Shannon?
Definition
 The number of 0s and 1s it takes to describe the information.
Term
 What is the elementary unit of information?
Definition
 The bit.
Term
 All models of information flow include a "channel". What happen to information as it flow across a channel?
Definition
 The information can be corrupted. Note: Even if security is not considered, this can be done through the introduction of random information (noise).
Term
 What was Claude Elwood Shannon's basic information flow observation regarding bit correction?
Definition
 We should not correct single bits. This is wasteful. We should correct blocks of bits.
Term
 According to information theory, information is contained only is the messages that are "fill-in-the-blank-here" to the receiver.
Definition
 Uncertain
Term
 What is meta data?
Definition
 Data that describes data. E.g., network packet headers, block parity bits, etc.
Term
 What are the three main parts of traditional information classification?
Definition
 1. Create information.2. Label using meta data.3. Handle according to label.
Term
 What was the more recent insight over traditional information classification?
Definition
 Data should be classified according to how the system data is processed/used.
Term
 System security requirements should be integrated into what type of system requirements?
Definition
 Functional
Term
 System vulnerability are frequently introduced in what type of requirements?
Definition
 Interface.
Term
 What is specialty engineering?
Definition
 The collection of those narrow disciplines that are needed to engineer a complete system. E.g., reliability, maintainability, availability, human factors, safety, electromagnetic effects, facilities, logistics.
Term
 What is reliability?
Definition
 The probability that an item will perform its intended function for a specified period of time under stated conditions.
Term
 What is availability?
Definition
 A measure of the degree to which an item is in an operable and committable state at the start of a mission when the mission is called for at a random time.
Term
 What is maintainability?
Definition
 The measure of the ability of an item to be retained in or testored to a specified condition when maintenance is performed by personnel having specified skill lelvel, using prescribed procedures and resources, at each presribed level of maintenance and repair.
Term
 Qualities to Components (hierarchy - sevel levels)
Definition
 1. Need(ed Quality)2. Attributes (qualitative)3. Capabilities4. Functions5. Measures6. Analysis7. Units/Components
Term
 System Security (definition)
Definition
 An emergent property that arises from the interactions between system elements and an adversary• adversary may or may not be part of the system under consideration• adversary may or may not be intentionally malicious
Term
 Epistemic Frame
Definition
 A theory of learning that looks not at isolated skills and knowledge, but at how those skills and knowledge systematically link to one another—and to the values, identity, and ways of making decisions and justifying actions of some community of practice.
Term
 Security (Bayuk)
Definition
 Something that thwarts people (and/or systems acting on their behalf) who, intentionally or not, enact threats that exploit system vulnerabilities and thereby cause damage that adversely impacts system value.
Term
 System Feature (Bayuk)
Definition
 A system capability that contributes to its security.
Term
 Security Metric
Definition
 Measurement that characterizes an attribute of the system of interest that is proposed to have both face and construct validity in the context of a hypothesis that the system is secure.
Term
 Security Framework
Definition
 The concept of operations, mission, and environment under which a system operates.
Term
 Security Systemigram (story)
Definition
 Security thwarts perpetrators who enact threats to exploit vulnerabilities that permit disruption that harms systems which produce and manage value.
Supporting users have an ad free experience!